MAL-2026-2032 Malicious code in @emilgroup/account-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0f59f1f2e562d8ef982bd182aa7338ac92a6d5b4b86234568efb7ed5cb09bd7 The package @emilgroup/account-sdk-node was found to contain malicious code. Source: ghsa-malware...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

CVE-2022-1930

An exponential ReDoS Regular Expression Denial of Service can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method...

The vulnerability of the encode_structured_data method in the PyPI eth-account package allows a attacker to cause a service failure.

The vulnerability of the encodestructureddata method in the PyPI package eth-account is related to incorrect data input used as a condition for loop execution. Exploiting this vulnerability could allow an attacker to cause service failures...

CVE-2022-1930

An exponential ReDoS Regular Expression Denial of Service can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method...